Who controls the off switch?

July 26th, 2010 at 17:18 UTC by Ross Anderson

We have a new paper on the strategic vulnerability created by the plan to replace Britain’s 47 million meters with smart meters that can be turned off remotely. The energy companies are demanding this facility so that customers who don’t pay their bills can be switched to prepayment tariffs without the hassle of getting court orders against them. If the Government buys this argument – and I’m not convinced it should – then the off switch had better be closely guarded. You don’t want the nation’s enemies to be able to turn off the lights remotely, and eliminating that risk could just conceivably be a little bit more complicated than you might at first think. (This paper follows on from our earlier paper On the security economics of electricity metering at WEIS 2010.)

Entry filed under: Academic papers, Politics, Protocols, Security economics, Security engineering

14 comments Add your own

  • 1. Carl  |  July 27th, 2010 at 11:27 UTC

    Great article and a great pair of papers. Once again it seems that the large commercial entities are going to get their way in implementing something that makes both our privacy and way of life more vulnerable to the whims of a small number of CEO’s.

    I also wonder if the focus is really on solving the right problem. After all, could the money required for new meters not be better spent on researching cleaner and cheaper energy generation? Would having cheaper and cleaner energy mean that the measurement of consumption is less of a commercial driver?

  • 2. Shailendra Fuloria  |  July 27th, 2010 at 12:21 UTC

    @Carl: Just trying to put forward the perspective of the network operators on this. So one of the reasons cited by the distribution network operators supporting the smart metering program is that, as of today, while they know a lot about the transmission network and upto the level of primary distribution, they do not have as much information at the secondary distribution level and lower down the chain. The situation will become still more complex with new renewable sources of energy with every house becoming a generator (at least that is the vision of the future). The idea is that smart meters might come to the rescue there, since the DNOs would be able to get the information from each house (each generator if you might say) and this would help in managing the overall dependability of the grid. The question is, do we really need to have smart meters in every house to do this or can we do it by simply having better measurement capabilities at the secondary distribution substation level.

  • 3. Keith Tayler  |  July 27th, 2010 at 12:35 UTC

    A smart attack that took out just a few million meters could trigger a near total grid failure. As we saw in the northeast of the USA and Canada in 2003 (50 million left without power because a tree fell across pylon line), the grid system is very vulnerable.

  • 4. Winfried Tilanus  |  July 27th, 2010 at 12:44 UTC

    The picture of a large-scale attack on the power-grid is of course horrifying, but don’t forget what opportunities controlling the power switch opens to more common kinds of crime: extortion and revenge become like playing a video game. Other nice tactic: look for a shop that stays open although you shut down their power. At the end of the day they will have lot more cash than normal and if you steal the book they have written the sales in too, nobody will know how much you stole.

    And if you want to do a big time crime, like a big robbery: start by crippling the police and private security firms by turning of their mains and reverting them to emergency power. Then start shutting down power to buildings with elevators throughout the town, so all the forces are on the street, on the wrong place. Next do some shops and banks so the security people have to watch those objects (if that isn’t enough, keep switching the power on and of until their utility-power systems / alarm systems break). And now with everybody running around, wandering what is going on, do what you want to do…

    Add a power switch and you can make crime much more ‘fun’…

  • 5. Andy Loughran  |  July 27th, 2010 at 14:06 UTC

    Although I agree that your argument is valid from a freedom perspective, what is not clear is that already there is more than enough opportunity to disable the electric grid; what these meters will do is make it childs play.

  • 6. Ross Anderson  |  July 28th, 2010 at 12:57 UTC

    DECC has launched another consultation on smart meters along with a number of documents on energy policy. Responses on some issues are due by the end of September, and on others by the end of October.

  • 7. Mark Owen  |  July 28th, 2010 at 14:37 UTC

    there are benefits and weaknesses in making a grid/metering smart. a smarter grid will be able to solve issues in a way but can be exploited equally.

    As for the rather fancyful idea of upping a stores cash level if they lost power they shut for a day. they would loose more money as the vast majority of their transactions are now cash based. we had a substation fire in Nottingham city centre a while back which closed the town centre effectively, more money wasnt taken.

    above all this though is if you want to do that, why wait? simply cut through the power line with a JCB or similar physical attack.

    The only difference smart metering/grids allow is you can do it with less risk. Health and Safety at work there for criminals!

  • 8. THEY own the meat puppets but NOT THE SOUL, JESUS SETS YOU FREE!  |  July 29th, 2010 at 02:37 UTC

    they won’t be satisfied until they can stamp your head or hand with an RFID chip, they’ll call it something alluring so all the boneheads will clamour for it.

  • 9. John  |  July 29th, 2010 at 14:01 UTC

    > Who controls the off switch?

    Better be an organisation independant of the electricity companies, so that when – let’s say you have a contract with a company like British Gas and are up to date with your payments – another company like Southern Electric would not cut your power supply because you did not pay (while denying everything for more than one year).
    At least an independant organisation would answer the request by “of course they did not pay you, they are not one of your costumer”.
    First hand experience…

  • 10. Jeff  |  July 30th, 2010 at 14:23 UTC

    I guess they will be using SCADA for this exercise. Don’t worry there are some security papers produced by the government. But not everybody appears to read them.

  • 11. John  |  August 10th, 2010 at 17:18 UTC

    The answer to this question, I fear is hackers! If this does get rolled out, and some government admin bod says in a press conference, “Of course it’s going to be secure!” every hacker is going to take up the challenge. Some bright spark discovers that you can do it via e-billing quite easily, then poof! Everyone in London W12 is sat in the dark! I get the feeling I’m preaching to the converted though….

  • 12. app developer  |  August 12th, 2010 at 14:21 UTC

    I suspect the power companies will get their way on this – politicians have a history of folding to lobbying pressure.
    Whichever way it goes it does highlight how technology is the new battleground between individuals and corporations… if we lose the electric battle today I fear we’ll be more likely to lose the net battle tomorrow.

  • 13. bob newheart  |  October 7th, 2010 at 16:41 UTC

    Revolution! Lets go green, lets go green, lets go green

  • 14. Ross Anderson  |  June 13th, 2012 at 11:15 UTC

    The Daily Mail has picked up this story.

Leave a Comment


Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe to the comments via RSS Feed


July 2010
« Jun   Aug »